Multiple critical flaws in Apache OpenMeetings, a web conferencing solution, exposed admin accounts to control and malicious code execution.

✅ CVE-2023-28936
✅ CVE-2023-29032
✅ CVE-2023-29246

Read details: https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html

Mallox ransomware surges 174% in 2023, employing double extortion tactics by stealing data before encryption.

Read: https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html

Targeting manufacturing, legal services, and retail sectors, they exploit vulnerable MS-SQL servers as a primary penetration vector.

⚠️ Alert! New security flaws in AMI MegaRAC BMC software have been disclosed, putting vulnerable servers at risk. Attackers could remotely take control and deploy malware.

Details here: https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html

U.S. cybersecurity agency warns of a critical flaw (CVE-2023-3519) in Citrix NetScaler ADC and Gateway devices being exploited by hackers to drop web shells on vulnerable systems.

Learn more: https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html

DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.

Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

DDoS botnets are exploiting the CVE-2023-28771 vulnerability in Zyxel devices to gain remote control and launch devastating attacks.

Learn more: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

Protecting local governments from ransomware attacks is crucial! Implementing robust password policies is a step towards enhanced security. Check out tools like Specops Password Policy to keep your organization safe!

Read: https://thehackernews.com/2023/07/local-governments-targeted-for.html

Beware of BundleBot, a stealthy malware strain that's stealing sensitive info from compromised hosts! It spreads through Facebook Ads, cleverly disguised as regular programs, AI tools, or games.

Read: https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html

🚨 HotRat, a dangerous variant of the AsyncRAT malware, is spreading through pirated versions of popular software and games.

Read: https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html

Chinese nation-state actor Storm-0558's attack on Microsoft's email infrastructure is more extensive than previously believed. Researchers at Wiz reveal the scope, which included forging access tokens for various Azure AD applications!

Read: https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html

🔒 Apple takes a strong stand for data security & privacy, warning it might stop offering iMessage and FaceTime in the U.K. rather than compromise on encryption, opposing new digital surveillance proposals.

Details: https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html

⚠️ Researchers uncover first-ever open-source software supply chain attacks targeting banks!

🏦 Malware authors posed as employees, tricked users with preinstall scripts, and cleverly used Azure's CDN subdomains.

Read details: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

🔒 Heads up, techies! A new vulnerability (CVE-2023-38408) has been uncovered in OpenSSH that can enable attackers to execute arbitrary commands remotely.

Don't wait—update now and keep your system secure.

Read: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

📢 Google announces support for cross-platform end-to-end encryption 🔒 with MLS protocol on its 💬 messages service for Android. Secure communication, regardless of the messaging platform used.

Read details here: https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html

Zero-day vulnerabilities (CVE-2023-26077 and CVE-2023-26078) found in Atera remote monitoring software's Windows Installers can lead to privilege escalation attacks.

Read details: https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

🔐 Apple has released urgent patches to address multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari.

This includes a critical 0-day bug (CVE-2023-38606) actively exploited in the wild.

https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html

Make sure to update your devices ASAP!

⚠️ Attention IT Admins — Ivanti warns of a zero-day vulnerability (CVE-2023-35078) in Endpoint Manager Mobile (EPMM) software.

Read details: https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html

Patch ASAP to protect against unauthorized access and data breaches.

⚠️ Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center.

Read: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html

Update now to protect against remote code execution attacks.

⚡ A serious security flaw has been found in AMD's Zen 2 processors, putting sensitive data at risk!

Discover the details of Zenbleed (CVE-2023-20593) – a speculative execution attack that allows data exfiltration at 30 kb/core/second.

Read: https://thehackernews.com/2023/07/zenbleed-new-flaw-in-amd-zen-2.html

🚨 TETRA:BURST — A series of critical vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard used by government entities and critical infrastructure worldwide, including a potential intentional backdoor!

Details: https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html

🦠 New banking malware alert!

Casbaneiro threat actors are evolving their tactics to avoid detection. A User Account Control (UAC) bypass technique grants them full admin privileges on compromised machines.

Read: https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html